"Historically, the exploitation window favored the defender. A vulnerability was disclosed, teams assessed their exposure, and remediation followed a predictable patch cycle. AI has shattered that timeline. In 2025, over 32% of vulnerabilities were exploited on or before the day the CVE was issued. The infrastructure powering this is massive, with AI-powered scan activity reaching 36,000 scans per second. But it's not just about speed; it's about context."
"AI compresses reconnaissance, simulation, and prioritization into a single automated sequence. The exposure you created this morning can be modeled, validated, and positioned inside a viable attack path before your team has lunch. Only 0.47% of identified security issues are actually exploitable. While your team burns cycles reviewing the 99.5% of "noise," AI is laser-focused on the 0.5% that matters, isolating the small fraction of exposures that can be chained into a viable route to your critical assets."
Developers often deploy cloud workloads with overly broad permissions and leave temporary API keys unrevoked, creating latent exposures. Within minutes, AI-powered adversarial systems can discover over-permissioned workloads, map identity relationships, and calculate viable routes to critical assets, simulating thousands of attack sequences. AI compresses reconnaissance, simulation, and prioritization into a single automated sequence, collapsing the defender's remediation window. In 2025, over 32% of vulnerabilities were exploited on or before CVE issuance, supported by AI-powered scan activity reaching 36,000 scans per second. Only 0.47% of identified issues are exploitable, and AI concentrates on that small exploitable fraction, chaining exposures into attack paths and expanding the attack surface introduced by AI infrastructure.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]